Why security ICs are beneficial for authentication
Challenge-response authentication always needs the object to be authenticated to hold a secret. In symmetric cryptography, this is the shared secret between the host and the device. For asymmetric cryptography, this is the private key. In any case, the security brought by challenge-response authentication breaks when the secret is revealed. Here’s where security ICs can help. One fundamental feature of security ICs is to provide strong protection of keys and secrets.
Maxim offers three families of solutions to support authentication:
- Authentication ICs: These are configurable but fixed-function devices that provide the most affordable way to implement challenge-response authentication, along with a compact set cryptographic operations
- Secure microcontrollers: On top of supporting challenge-response authentication, these devices offer a full set of cryptographic functions, including encryption
- Low-power microcontrollers: While these products do not exclusively target security, they have all of the building blocks required to enable strong authentication
Within authentication ICs, the SHA-256-based products support authentication based on shared secrets (Figure 3), while ECDSA-based ICs use a private/public key pair (Figure 4).
In addition to the cryptographic engines, these products feature on-board EEPROM memory. This memory is configurable and can be used to store authenticated user data such as calibration information for sensors.
SHA-256-based products are the most affordable solutions. While they enable mutual authentication, the distribution of the shared secret requires some precautions so that the secret is not exposed during device manufacturing and set-up. The secret can be programmed in a Maxim factory to circumvent this drawback.